Chris Lamb

XORLY? Losing your GPG private key safely

It's quite convenient to have your GPG private key on your desktop, laptop and USB stick.. but if one of these is stolen or lost, you are pretty much obliged to issue a revocation.

Now, RAID-5 has this wonderful property whereby it is impossible to recover data from an array of size n if you have (at most) n-2 elements. So, one idea would be to create a small loopback device -based array that you can spread around your nice stealable items - you then use your key by combining >= n-1 of them.

..Or Eve must steal n-1 items before she can reconstruct your secret key. You can recover the "missing data" from single lost device, obviously.

There are almost certainly cooler algorithms for this, but none that are in the Linux kernel. Some scriptage that seems to work for me:

#!/bin/sh

set -eu

NUMITEMS=3
SIZE=30

create() {
   for NUM in $(seq $NUMITEMS);
   do
       dd if=/dev/zero of=$NUM.img bs=1M count=$(echo "$SIZE/($NUMITEMS-1)" | bc)
       losetup /dev/loop$NUM $NUM.img
   done

   sudo mdadm --create -l5 -n$NUMITEMS /dev/md0 $(seq -f "/dev/loop%g" $NUMITEMS)
   sudo mkfs.ext3 /dev/md0
}

stop() {
   sudo mdadm --stop /dev/md0

   for NUM in $(seq 1 $NUMITEMS);
   do
       sudo losetup -d /dev/loop$NUM || true
   done
}

start() {
   # Collect array elements from argv
   NUM=0
   for ELEM in $ELEMENTS;
   do
       NUM=$(( $NUM + 1 ))
       sudo losetup /dev/loop$NUM "$ELEM"
   done
   sudo mdadm --assemble --run /dev/md0 $(seq -f "/dev/loop%g" $NUM)
}

recreate() {
   # Assume already running
   dd if=/dev/zero of=$NUMITEMS.img bs=1M count=$(echo "$SIZE/($NUMITEMS-1)" | bc)
   losetup /dev/loop$NUMITEMS $NUMITEMS.img

   sudo mdadm --add /dev/md0 $NEW
   sudo mdadm --misc --wait /dev/md0
}

(This proof-of-concept script is deliberately broken: you'll have to write the argument handling yourself and convince yourself you don't have anything important at /dev/loop* or /dev/md0 or /. It might also make sense to only use the array in read-only mode, or you will have syncing issues.)

Ingenious learners may wish to construct other scenarios with other RAID levels; 5-device RAID-6 would only require 3 elements present to function (or to be stolen by Eve, naturally).

Not that I'm actually doing this: it's almost certainly as stupid as it sounds, I just haven't thought of a convincing reason yet.


Chris Lamb is a freelance software developer and the current Debian Project Leader. You can read other posts by me, see software I have written or read more about me. You can also follow me @lolamby.


Planets: ALUG UWCS WUGLUG Debian

Wednesday 23rd January 2008


11 comments

Comments are closed.